ICANN itself doesn't check, but rather relies on registrars to do so based on whois data problem reports filed by the public at-large.
Whois data problem reports is an under-documented security hole ... anyone can file a report in the hopes of knocking a domain off-line and/or hijacking it.
Registrars are all supposed to act equally on whois data problem reports reports, but in reality, some will generally ignore them and do nothing while other registrars won't hessistate initating action (ie. emailing the registrant) even if the trouble report itself appears suspect.
Here's the kicker ... passwords, registrar-lock, etc are offer zero protection from whois data problem reports...
And theoretically (never heard of it happening as of yet), a "private" registration could be vulnerable too if the filer of the whois data problem report convinces the registrar that the underlying whois information is incorrect - this admittedly is a stretch, but not beyond the realm of possibilities.
With all that said, the easiest way to avoid most such problems is to maintain accurate whois information on file at all times...
007's post about getting a PO BOX is spot on... that's definitely the way to go. Many domain folks do that - that was among the first things I did back in 1997 when I registered my first domains.
Not so keen on 007s changing the email address suggestion though ... yes, changing emails a lot can greatly reduce spam ... but it's easy to lose track (or for a registrar to do so and revert back to an older one) ... faulty / outdated email addresses is how many lose their domains; experience problems performing updates.
Ron